[
https://issues.apache.org/jira/browse/MAPREDUCE-2103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13289421#comment-13289421
]
Hudson commented on MAPREDUCE-2103:
-----------------------------------
Integrated in Hadoop-Mapreduce-22-branch #104 (See
[https://builds.apache.org/job/Hadoop-Mapreduce-22-branch/104/])
MAPREDUCE-2103. Additional changes to task-controller.c Contributed by
Benoy Antony. (Revision 1346254)
Result = SUCCESS
shv : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1346254
Files :
* /hadoop/common/branches/branch-0.22/mapreduce/CHANGES.txt
*
/hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/task-controller.c
> task-controller shouldn't require o-r permissions
> -------------------------------------------------
>
> Key: MAPREDUCE-2103
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2103
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Components: task-controller
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Trivial
> Fix For: 0.22.0, 1.1.0
>
> Attachments: mapreduce-2103-20x.patch, mapreduce-2103.txt,
> mapreduce-2103.txt, mr-2103-0.22.patch
>
>
> The task-controller currently checks that "other" users don't have read
> permissions. This is unnecessary - we just need to make it's not executable.
> The debian policy manual explains it well:
> {quote}
> Setuid and setgid executables should be mode 4755 or 2755 respectively, and
> owned by the appropriate user or group. They should not be made unreadable
> (modes like 4711 or 2711 or even 4111); doing so achieves no extra security,
> because anyone can find the binary in the freely available Debian package; it
> is merely inconvenient. For the same reason you should not restrict read or
> execute permissions on non-set-id executables.
> Some setuid programs need to be restricted to particular sets of users, using
> file permissions. In this case they should be owned by the uid to which they
> are set-id, and by the group which should be allowed to execute them. They
> should have mode 4754; again there is no point in making them unreadable to
> those users who must not be allowed to execute them.
> {quote}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
